Privacy Policy
01Introduction
This Privacy Policy explains what personal information JumpKit (“JumpKit”, “we”, “our”, or “us”) collects when you use the JumpKit mobile application (the “App”) and this website (together, the “Services”), how we use and share that information, how long we keep it, and the rights you have over it.
By using the Services you agree to this Privacy Policy. If you do not agree, please do not use the Services.
02Who We Are
JumpKit is an independently operated vertical-jump training application. For the purposes of the EU/UK General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”), JumpKit acts as the data controller / business with respect to the personal information described in this Policy.
You can reach us about any privacy matter through our contact page.
03Information We Collect
Account information
When you create an account in the App we collect a user identifier and your email address. We do not store passwords: you sign in using Apple Sign-In, Google Sign-In, or a one-time code sent to your email. The identity provider you choose may share additional information (such as your name) with us as part of the sign-in flow.
Profile, biometric, and health information
During onboarding we collect the information needed to design your training program. This includes:
- Age, gender, height, and weight
- Sport, position, and competitive level
- Experience level and training history
- Current vertical jump and your vertical-jump goal
- Available equipment and training environment
- Training days per week, preferred days, and target session length
- Motivation, focus priority, barriers, commitment level, and goal timeline
- Injury or limitation notes that you choose to provide (treated as health-related information)
Height, weight, and injury notes are health-related and biometric in nature. We collect them only with your action during onboarding, use them only to generate and adapt your training program, and never share them for marketing.
Jump videos and biomechanics
When you record or upload a vertical-jump video in the App, the video is sent to our servers for processing by our computer-vision pipeline. The pipeline extracts biomechanical measurements (joint angles, ground-contact time, estimated vertical inches, form grade, and related metrics). We retain the extracted measurements as part of your training history. We may also retain the original video while it is being processed and for a limited diagnostic window afterwards; you can request earlier deletion through the contact page.
Training activity
We store the programs generated for you, your workout logs (sets, reps, loads completed), milestones, your AI-coach chat history, and notifications we’ve sent you.
Subscription and purchase information
Subscriptions and one-time purchases are processed by Apple (App Store) or Google (Play Store) and managed through RevenueCat. We receive your entitlement status (free or Pro), the product purchased, and an opaque transaction identifier. We do not receive or store your payment card details.
Device and usage information
We collect a limited set of device and usage data, including an Expo push notification token (if you enable workout reminders), crash and diagnostic logs, the version of the App you’re running, and basic event data such as which screens you visit. Apple may also share aggregated, anonymised App Analytics data with us through App Store Connect if you have not opted out at the device level.
Website information
When you visit this website we receive standard web request data (IP address, browser type, pages viewed, referrer). If you submit our contact form, we also receive the name, email address, subject, and message you provide. See Cookies & Website Tracking for details on analytics and bot protection.
04How We Use Your Information
We use the information described above to:
- Create and authenticate your account and keep it secure
- Generate, personalise, and update your training program
- Run jump-video analysis and produce coaching feedback
- Power the in-app AI coach chat and motivational nudges
- Track your progress, streaks, and milestones
- Provide and manage your subscription, including restoring purchases
- Send transactional notifications (e.g. workout reminders you opted into)
- Provide customer support and respond to your requests
- Detect, prevent, and address fraud, abuse, or technical issues
- Improve the Services, including model and product quality
- Comply with legal obligations and enforce our Terms of Service
Legal bases (GDPR)
If you are in the EU, EEA, UK, or Switzerland, we rely on the following legal bases under the GDPR:
- Performance of a contract— to provide the Services you signed up for (account creation, program generation, jump analysis, AI coach, subscription management).
- Your explicit consent— for health-related data such as injury notes that you choose to share, and for push notifications. You can withdraw consent at any time.
- Legitimate interests— to keep the Services secure, debug and improve them, prevent abuse, and respond to support requests, provided those interests are not overridden by your rights.
- Legal obligation— where we must retain or disclose information to comply with applicable law.
05How We Share Your Information
We do not sell your personal information, and we do not share it for cross-context behavioural advertising. We share information only with the service providers listed below, and only to the extent necessary to operate the Services.
Service providers we use
- Supabase— hosts our authentication and database. Your account, profile, training data, workout logs, jump-session metadata, AI-coach chat history, and subscription status are stored here.
- Anthropic (Claude API) and OpenAI— generate your training program, exercise instructions, AI-coach replies, and coaching tips. We send only the profile and program context required for each request and do not send your email address or payment details.
- RevenueCat— manages your in-app subscription and receives an opaque subscriber identifier plus your entitlement status. Payment is handled directly by Apple or Google.
- Apple App Store and Google Play— process your purchase and provide the sign-in identity tokens (Apple Sign-In, Google Sign-In) you choose to use.
- Expo Push Notification Service— delivers workout reminder push notifications if you enable them.
- Gmail (Google) SMTP— sends transactional emails such as one-time sign-in codes and account-deletion verification codes from our support address.
- Vercel— hosts this website and provides anonymous, cookie-less analytics about website usage.
- Formspree and Google reCAPTCHA— process contact-form submissions and protect them from automated abuse.
Each provider is bound by its own privacy and security obligations and processes data on our instructions, except where a provider acts as an independent controller for its own service (e.g. Apple and Google for payments and identity).
Legal and safety disclosures
We may disclose information if we believe in good faith that disclosure is required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of JumpKit, our users, or others.
Business transfers
If JumpKit is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction. We will notify you and update this Policy if your information becomes subject to a materially different privacy practice.
06Data Retention
We retain your personal information for as long as your account is active. When you delete your account from within the App, your profile, programs, workout logs, jump-session metadata, chat history, milestones, and notification tokens are removed from our systems within 30 days, subject to short backup-retention windows held by our infrastructure providers.
Original jump videos are retained only as long as needed to process them and for a limited diagnostic window. You may request earlier deletion at any time.
We may retain a limited set of records longer where we are required to do so by law (for example, financial records related to your subscription) or where necessary to resolve disputes, enforce our agreements, or prevent fraud.
07Data Security
We use industry-standard safeguards designed to protect your information:
- All traffic between the App, the website, and our servers is encrypted in transit using TLS (HTTPS).
- Data at rest in our database (Supabase) is encrypted by the provider, with row-level security policies enforcing that you can only read or write your own records.
- Authentication tokens and similar sensitive values are stored on your device in the iOS Keychain or Android Keystore, not in plaintext storage.
- Access to production systems is restricted, audited, and authenticated with strong credentials.
No method of transmission or storage is 100% secure. If we become aware of a personal-data breach that affects you, we will notify you and the relevant regulators as required by applicable law.
08Your Rights
Depending on where you live, you may have some or all of the following rights over your personal information:
- Access— ask for a copy of the personal information we hold about you. The App also provides a data-export endpoint that returns your information as JSON.
- Correction— ask us to correct information that is inaccurate or incomplete. Most profile fields can be updated directly in the App.
- Deletion— ask us to delete your information. You can delete your account from within the App (Settings → Delete Account), or contact us.
- Portability— receive your information in a structured, machine-readable format and have it sent to another controller where technically feasible.
- Objection and restriction— object to or restrict certain processing of your information.
- Withdrawal of consent— where we process information based on your consent (e.g. health-related fields, push notifications), you can withdraw it at any time without affecting prior processing.
- Complaint— lodge a complaint with your local data protection authority (for EU/UK users) or your state attorney general (for US users).
California residents (CCPA / CPRA)
If you are a California resident, you have the rights to know what personal information we collect, to delete it, to correct it, to opt out of the “sale” or “sharing” of personal information, and to limit the use of sensitive personal information, plus the right not to be discriminated against for exercising your rights. JumpKit does not sell or share your personal information as those terms are defined under the CCPA, and we do not use sensitive personal information for any purpose other than providing the Services you requested.
To exercise any of these rights, please reach out through our contact page. We may need to verify your identity before completing your request. We will respond within the timeframe required by applicable law (generally one month under GDPR, 45 days under CCPA).
09International Data Transfers
Our service providers (including Supabase, Anthropic, OpenAI, RevenueCat, Vercel, and Formspree) may process your information in countries outside your country of residence, including the United States. Where required, we rely on Standard Contractual Clauses or equivalent safeguards approved by the relevant regulators to ensure your information receives an adequate level of protection.
10Children’s Privacy
The App requires users to confirm they are at least 13 years old during onboarding. If you are between 13 and the age of majority in your jurisdiction, you may use the Services only with the involvement and consent of a parent or legal guardian. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it promptly.
11Cookies & Website Tracking
The JumpKit mobile app does not use cookies. On this website:
- Vercel Web Analytics— collects anonymous, aggregated usage data (pages viewed, country, device type) without setting cookies and without using any persistent identifiers tied to you.
- Google reCAPTCHA— protects our contact form from automated abuse. reCAPTCHA may set cookies and collect device and browser information per Google’s policies. It is loaded only on the contact page.
- Formspree— receives your contact-form submission and forwards it to us. Formspree may use cookies and limited tracking on the form submission flow.
You can control cookies through your browser settings. Blocking the reCAPTCHA or Formspree cookies may prevent the contact form from working.
12Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. If the changes are material, we will provide additional notice through the App or by email before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the revised Policy.
13Contact Us
If you have questions about this Privacy Policy, want to exercise any of the rights described above, or believe we have not handled your information properly, please reach out through our contact page.